APPENDIX A 



"EXPRESS MAIL" Mailing Label Number EI267842785US 
Date of Deposit October 24, 1997 

I hereby certify under 37 CFR 1.10 that this correspondence is being 
deposited with the United States Postal Service as "Express Mail 
Post Office To Addressee" with sufficient postage on the date 
indicated above and is addressed to the Assistant Commissioner for 
Patents, Washington, D.C. 20231. 





Tina GrijnsCead-Caiiipbell 






Card Class File Format For Preferred Embodiment 

Introduction 

The card class file is a compressed form of the original class file(s). The card class file contains only the 
semantic information required to interpret Java programs from the original class files. The indirect 
references in the original class file are replaced with direct references, resulting in a compact representation. 
The card class file format is based on the following principles: 

1. Stay close to the standard class file format: The card class file format should remain as close to the 
standard class file format as possible. The Java byte codes in the class file remain unaltered. Not 
altering the byte codes ensures that the structural and static constraints on them remain verifiably intact. 

2. Ease of implementation: The card class file format should be simple enough to appeal to Java Virtual 
Machine implementers. It must allow for different yet behaviorally equivalent implementations. 

3. Feasibility: The card class file format must be compact in order to accommodate smart card 
technology. It must meet the constraints of today's technology while not losing sight of tomorrow's 
innovations. 

This document is based on Chapter 4, "The class file format", in the book titled "The Java™ Virtual 
Machine Specification" [1], henceforth referred to as the Red book. Since the document is based on the 
standard class file format described in the Red book, we only present information that is different. The Red 
book serves as the final authority for any clarification. 
The primary changes from the standard class file format are: 

• The constant pool is optimized to contain only 16-bit identifiers and, where possible, indirection is 
replaced by a direct reference. 

• Attributes in the original class file are eliminated or regrouped. 

The Java Card class File Format 

This section describes the Java Card class file format. Each card class file contains one or many Java types, 
where a type may be a class or an interface. 

A card class file consists of a stream of 8-bit bytes. All 16-bit, 32-bit, and 64-bit quantities are constructed 
by reading in two, four, and eight consecutive 8-bit bytes, respectively. Multi-byte data items are always 
stored in big-endian order, where the high bytes come first. In Java, this format is supported by interfaces 
java.io.DataInput and java.io.DataOutput and classes such as java.io.DataInputStream and 
java.io.DataOutputStream. 

We define and use the same set of data types representing Java class file data: The types u1, u2, and u4 
represent an unsigned one-, two-, or four-byte quantity, respectively. In Java, these types may be read by 
methods such as readUnsignedByte, readUnsignedShort, and readInt of the interface java.io.DataInput. 
The card class file format is presented using pseudo-structures written in a C-like structure notation. To 
avoid confusion with the fields of Java Card Virtual Machine classes and class instances, the contents of the 
structures describing the card class file format are referred to as items. Unlike the fields of a C structure, 
successive items are stored in the card class file sequentially, without padding or alignment. 
Variable-sized tables, consisting of variable-sized items, are used in several class file structures. Although 
we will use C-like array syntax to refer to table items, the fact that tables are streams of varying-sized 
structures means that it is not possible to directly translate a table index into a byte offset into the table. 
Where we refer to a data structure as an array, it is literally an array. 

In order to distinguish between the card class file structure and the standard class file structure, we add 
capitalization; for example, we rename field_info in the original class file to FieldInfo in the card class file. 



Card Class File 



A card class file contains a single CardClassFile structure: 
CardClassFile { 
    u1 major_version; 
    u1 minor_version; 
    u2 name_index; 
    u2 const_size; 
    u2 max_class; 
    CpInfo constant_pool[const_size]; 
    ClassInfo class[max_class]; 
} 

The items in the CardClassFile structure are as follows: 

minor_version, major_version 

The values of the minor_version and major_version items are the minor and major version numbers of the 
off-card Java Card Virtual Machine that produced this card class file. An implementation of the Java Card 
Virtual Machine normally supports card class files having a given major version number and minor version 
numbers 0 through some particular minor_version. 

Only the Java Card Forum may define the meaning of card class file version numbers. 

name_index 

The value of the name_index item must represent a valid Java class name. The Java class name represented 
by name_index must be exactly the same Java class name that corresponds to the main application that is to 
run in the card. A card class file contains several classes or interfaces that constitute the application that 
runs in the card. Since Java allows each class to contain a main method, there must be a way to distinguish 
the class file containing the main method which corresponds to the card application. 

const_size 

The value of const_size gives the number of entries in the card class file constant pool. A constant_pool 
index is considered valid if it is greater than or equal to zero and less than const_size. 

max_class 

This value refers to the number of classes present in the card class file. Since the name resolution and 
linking in the Java Card are done by the off-card Java Virtual Machine, all the class files or classes required 
for an application are placed together in one card class file. 

constant_pool[] 

The constant_pool is a table of variable-length structures (0) representing various string constants, class 
names, field names, and other constants that are referred to within the CardClassFile structure and its 
substructures. 

The first entry in the card class file is constant_pool[0]. 

Each of the constant_pool table entries at indices 0 through const_size is a variable-length structure (0). 

class[] 

The class is a table of max_class classes that constitute the application loaded onto the card. 

Constant Pool 

All constant_pool table entries have the following general format: 
CpInfo { 
    u1 tag; 
    u1 info[]; 
} 

Each item in the constant_pool table must begin with a 1-byte tag indicating the kind of cp_info entry. The 
contents of the info array vary with the value of tag. The valid tags and their values are the same as those 
specified in the Red book. 

Each tag byte must be followed by two or more bytes giving information about the specific constant. The 
format of the additional information varies with the tag value. Currently the only tags that need to be 
included are CONSTANT_Class, CONSTANT_FieldRef, CONSTANT_MethodRef and 
CONSTANT_InterfaceRef. Support for other tags will be added as they are included in the specification. 

CONSTANT_Class 

The CONSTANT_Class_info structure is used to represent a class or an interface: 
CONSTANT_ClassInfo { 
    u1 tag; 
    u2 name_index; 
} 

The items of the CONSTANT_Class_info structure are the following: 

tag 

The tag item has the value CONSTANT_Class (7). 

name_index 

The value of the name_index item must represent a valid Java class name. The Java class name represented 
by name_index must be exactly the same Java class name that is described by the corresponding 
CONSTANT_Class entry in the constant_pool of the original class file. 

CONSTANT_Fieldref, CONSTANT_Methodref, and CONSTANT_InterfaceMethodref 

Fields, methods, and interface methods are represented by similar structures: 
CONSTANT_FieldrefInfo { 
    u1 tag; 
    u2 class_index; 
    u2 name_sig_index; 
} 

CONSTANT_MethodrefInfo { 
    u1 tag; 
    u2 class_index; 
    u2 name_sig_index; 
} 

CONSTANT_InterfaceMethodrefInfo { 
    u1 tag; 
    u2 class_index; 
    u2 name_sig_index; 
} 

The items of these structures are as follows: 

tag 

The tag item of a CONSTANT_FieldrefInfo structure has the value CONSTANT_Fieldref (9). 

The tag item of a CONSTANT_MethodrefInfo structure has the value CONSTANT_Methodref (10). 

The tag item of a CONSTANT_InterfaceMethodrefInfo structure has the value 
CONSTANT_InterfaceMethodref (11). 

class_index 

The value of the class_index item must represent a valid Java class or interface name. The name represented 
by class_index must be exactly the same name that is described by the corresponding 
CONSTANT_Class_info entry in the constant_pool of the original class file. 

name_sig_index 

The value of the name_sig_index item must represent a valid Java name and type. The name and type 
represented by name_sig_index must be exactly the same name and type described by the 
CONSTANT_NameAndType_info entry in the constant_pool structure of the original class file. 



Class 

Each class is described by a fixed-length ClassInfo structure. The format of this structure is: 
ClassInfo { 
    u2 name_index; 
    u1 max_field; 
    u1 max_sfield; 
    u1 max_method; 
    u1 max_interface; 
    u2 superclass; 
    u2 access_flags; 
    FieldInfo field[max_field+max_sfield]; 
    InterfaceInfo interface[max_interface]; 
    MethodInfo method[max_method]; 
} 

The items of the ClassInfo structure are as follows: 

name_index 

The value of the name_index item must represent a valid Java class name. The Java class name represented 
by name_index must be exactly the same Java class name that is described in the corresponding ClassFile 
structure of the original class file. 

max_field 

The value of the max_field item gives the number of FieldInfo (0) structures in the field table that represent 
the instance variables declared by this class or interface type. This value refers to the number of non-static 
fields in the card class file. If the class represents an interface, the value of max_field is 0. 

max_sfield 

The value of the max_sfield item gives the number of FieldInfo structures in the field table that represent 
the class variables declared by this class or interface type. This value refers to the number of static 
fields in the card class file. 

max_method 

The value of the max_method item gives the number of MethodInfo (0) structures in the method table. 

max_interface 

The value of the max_interface item gives the number of direct superinterfaces of this class or interface 
type. 

superclass 

For a class, the value of the superclass item must represent a valid Java class name. The Java class name 
represented by superclass must be exactly the same Java class name that is described in the corresponding 
ClassFile structure of the original class file. Neither the superclass nor any of its superclasses may be a final 
class. 

If the value of superclass is 0*, then this class must represent the class java.lang.Object, the only class or 
interface without a superclass. 

For an interface, the value of superclass must always represent the Java class java.lang.Object. 

access_flags 

The value of the access_flags item is a mask of modifiers used with class and interface declarations. The 
access_flags modifiers and their values are the same as the access_flags modifiers in the corresponding 
ClassFile structure of the original class file. 

field[] 

Each value in the field table must be a fixed-length FieldInfo (0) structure giving a complete description of 
a field in the class or interface type. The field table includes only those fields that are declared by this class 
or interface. It does not include items representing fields that are inherited from superclasses or 
superinterfaces. 

interface[] 

Each value in the interface array must represent a valid interface name. The interface name represented by 
each entry must be exactly the same interface name that is described in the corresponding interface array of 
the original class file. 

method[] 

Each value in the method table must be a variable-length MethodInfo (0) structure giving a complete 
description of and Java Virtual Machine code for a method in the class or interface. 
The MethodInfo structures represent all methods, both instance methods and, for classes, class (static) 
methods, declared by this class or interface type. The method table only includes those methods that are 
explicitly declared by this class. Interfaces have only the single method <clinit>, the interface initialization 
method. The methods table does not include items representing methods that are inherited from superclasses 
or superinterfaces. 



* Or a standard yet fixed value. 



Fields 



Each field is described by a fixed-length field_info structure. The format of this structure is: 
FieldInfo { 
    u2 name_index; 
    u2 signature_index; 
    u2 access_flags; 
} 

The items of the FieldInfo structure are as follows: 

name_index 

The value of the name_index item must represent a valid Java field name. The Java field name represented 
by name_index must be exactly the same Java field name that is described in the corresponding field_info 
structure of the original class file. 

signature_index 

The value of the signature_index item must represent a valid Java field descriptor. The Java field descriptor 
represented by signature_index must be exactly the same Java field descriptor that is described in the 
corresponding field_info structure of the original class file. 

access_flags 

The value of the access_flags item is a mask of modifiers used to describe access permission to and 
properties of a field. The access_flags modifiers and their values are the same as the access_flags modifiers 
in the corresponding field_info structure of the original class file. 



Methods 

Each method is described by a variable-length MethodInfo structure. The MethodInfo structure is a 
variable-length structure that contains the Java Virtual Machine instructions and auxiliary information for a 
single Java method, instance initialization method, or class or interface initialization method. The structure 
has the following format: 
MethodInfo { 
    u2 name_index; 
    u2 signature_index; 
    u1 max_local; 
    u1 max_arg; 
    u1 max_stack; 
    u1 access_flags; 
    u2 code_length; 
    u2 exception_length; 
    u1 code[code_length]; 
    {   u2 start_pc; 
        u2 end_pc; 
        u2 handler_pc; 
        u2 catch_type; 
    } einfo[exception_length]; 
} 

The items of the MethodInfo structure are as follows: 

name_index 

The value of the name_index item must represent either one of the special internal method names, either 
<init> or <clinit>, or a valid Java method name. The Java method name represented by name_index must be 
exactly the same Java method name that is described in the corresponding method_info structure of the 
original class file. 

signature_index 

The value of the signature_index item must represent a valid Java method descriptor. The Java method 
descriptor represented by signature_index must be exactly the same Java method descriptor that is described 
in the corresponding method_info structure of the original class file. 

max_local 

The value of the max_locals item gives the number of local variables used by this method, excluding the 
parameters passed to the method on invocation. The index of the first local variable is 0. The greatest local 
variable index for a one-word value is max_locals-1. 

max_arg 

The value of the max_arg item gives the maximum number of arguments to this method. 

max_stack 

The value of the max_stack item gives the maximum number of words on the operand stack at any point 
during execution of this method. 

access_flags 

The value of the access_flags item is a mask of modifiers used to describe access permission to and 
properties of a method or instance initialization method. The access_flags modifiers and their values are 
the same as the access_flags modifiers in the corresponding method_info structure of the original class file. 

code_length 

The value of the code_length item gives the number of bytes in the code array for this method. The value of 
code_length must be greater than zero; the code array must not be empty. 

exception_length 

The value of the exception_length item gives the number of entries in the exception_info table. 

code[] 

The code array gives the actual bytes of Java Virtual Machine code that implement the method. When the 
code array is read into memory on a byte addressable machine, if the first byte of the array is aligned on a 
4-byte boundary, the tableswitch and lookupswitch 32-bit offsets will be 4-byte aligned; refer to the 
descriptions of those instructions for more information on the consequences of code array alignment. 

The detailed constraints on the contents of the code array are extensive and are the same as described in the 
Java Virtual Machine Specification. 

einfo[] 

Each entry in the einfo array describes one exception handler in the code array. Each einfo entry contains 
the following items: 

start_pc, end_pc 

The values of the two items start_pc and end_pc indicate the ranges in the code array at which the exception 
handler is active. 

The value of start_pc must be a valid index into the code array of the opcode of an instruction. The value of 
end_pc either must be a valid index into the code array of the opcode of an instruction, or must be equal to 
code_length, the length of the code array. The value of start_pc must be less than the value of end_pc. 
The start_pc is inclusive and end_pc is exclusive; that is, the exception handler must be active while the 
program counter is within the interval [start_pc, end_pc). 

handler_pc 

The value of the handler_pc item indicates the start of the exception handler. The value of the item must be 
a valid index into the code array, must be the index of the opcode of an instruction, and must be less than 
the value of the code_length item. 

catch_type 

If the value of the catch_type item is nonzero, it must represent a valid Java class type. The Java class type 
represented by catch_type must be exactly the same as the Java class type that is described by the 
catch_type in the corresponding method_info structure of the original class file. This class must be the class 
Throwable or one of its subclasses. The exception handler will be called only if the thrown exception is an 
instance of the given class or one of its subclasses. 

If the value of the catch_type item is zero, this exception handler is called for all exceptions. This is used to 
implement finally. 
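
The numeric constraints stated above for a MethodInfo structure (code_length greater than zero, start_pc less than end_pc, end_pc at most code_length, handler_pc less than code_length) can be enforced while the structure is read, before any byte of the code array is interpreted. The following C parser is an added example and is not part of the original appendix; the function, type and constant names and the sample bytes are constructed for illustration, and it does not check that the pc values fall on opcode boundaries.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Result codes; the names are this example's own, not the appendix's. */
enum { MI_OK, MI_TRUNCATED, MI_EMPTY_CODE, MI_BAD_RANGE, MI_BAD_HANDLER };

#define MI_HEADER 12u /* u2 u2 u1 u1 u1 u1 u2 u2, stored without padding */
#define MI_EINFO   8u /* start_pc, end_pc, handler_pc, catch_type */

typedef struct {
    uint16_t name_index, signature_index;
    uint8_t  max_local, max_arg, max_stack, access_flags;
    uint16_t code_length, exception_length;
    const uint8_t *code;   /* code_length bytes inside the input buffer */
    const uint8_t *einfo;  /* exception_length entries of MI_EINFO bytes */
    size_t size;           /* bytes occupied by the whole structure */
} MethodInfo;

/* Big-endian u2; the caller has already checked that p[0..1] exist. */
static uint16_t rd_u2(const uint8_t *p)
{
    return (uint16_t)((p[0] << 8) | p[1]);
}

/* Parse one MethodInfo from buf[0..len) and check its numeric constraints. */
int parse_method_info(const uint8_t *buf, size_t len, MethodInfo *m)
{
    size_t need;
    uint16_t i;

    if (len < MI_HEADER)
        return MI_TRUNCATED;
    m->name_index       = rd_u2(buf);
    m->signature_index  = rd_u2(buf + 2);
    m->max_local        = buf[4];
    m->max_arg          = buf[5];
    m->max_stack        = buf[6];
    m->access_flags     = buf[7];
    m->code_length      = rd_u2(buf + 8);
    m->exception_length = rd_u2(buf + 10);

    if (m->code_length == 0)            /* the code array must not be empty */
        return MI_EMPTY_CODE;

    /* Both tables must lie inside the input before any pointer is formed. */
    need = MI_HEADER + (size_t)m->code_length
         + (size_t)m->exception_length * MI_EINFO;
    if (need > len)
        return MI_TRUNCATED;
    m->code  = buf + MI_HEADER;
    m->einfo = m->code + m->code_length;
    m->size  = need;

    for (i = 0; i < m->exception_length; i++) {
        const uint8_t *e = m->einfo + (size_t)i * MI_EINFO;
        uint16_t start_pc = rd_u2(e);
        uint16_t end_pc = rd_u2(e + 2);
        uint16_t handler_pc = rd_u2(e + 4);

        /* start_pc < end_pc, and end_pc may equal code_length (exclusive end) */
        if (start_pc >= end_pc || end_pc > m->code_length)
            return MI_BAD_RANGE;
        /* handler_pc must be strictly inside the code array */
        if (handler_pc >= m->code_length)
            return MI_BAD_HANDLER;
    }
    return MI_OK;
}

/* Constructed samples: name F001 ("main"), signature 4004 ("()V"),
 * four code bytes (nop nop nop return), one catch-all handler. */
static const uint8_t SAMPLE_OK[] = {
    0xF0,0x01, 0x40,0x04, 0x01, 0x00, 0x02, 0x09, 0x00,0x04, 0x00,0x01,
    0x00,0x00,0x00,0xB1,
    0x00,0x00, 0x00,0x03, 0x00,0x03, 0x00,0x00 };
static const uint8_t SAMPLE_BAD_RANGE[] = {   /* end_pc 5 > code_length 4 */
    0xF0,0x01, 0x40,0x04, 0x01, 0x00, 0x02, 0x09, 0x00,0x04, 0x00,0x01,
    0x00,0x00,0x00,0xB1,
    0x00,0x00, 0x00,0x05, 0x00,0x03, 0x00,0x00 };
static const uint8_t SAMPLE_BAD_HANDLER[] = { /* handler_pc 4 == code_length */
    0xF0,0x01, 0x40,0x04, 0x01, 0x00, 0x02, 0x09, 0x00,0x04, 0x00,0x01,
    0x00,0x00,0x00,0xB1,
    0x00,0x00, 0x00,0x03, 0x00,0x04, 0x00,0x00 };
static const uint8_t SAMPLE_EMPTY[] = {       /* code_length 0 */
    0xF0,0x01, 0x40,0x04, 0x00, 0x00, 0x00, 0x09, 0x00,0x00, 0x00,0x00 };

int main(void)
{
    MethodInfo m;
    printf("ok=%d range=%d handler=%d empty=%d truncated=%d\n",
           parse_method_info(SAMPLE_OK, sizeof SAMPLE_OK, &m),
           parse_method_info(SAMPLE_BAD_RANGE, sizeof SAMPLE_BAD_RANGE, &m),
           parse_method_info(SAMPLE_BAD_HANDLER, sizeof SAMPLE_BAD_HANDLER, &m),
           parse_method_info(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY, &m),
           parse_method_info(SAMPLE_OK, sizeof SAMPLE_OK - 1, &m));
    return 0;
}
```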

Attributes 

Attributes used in the original class file are either eliminated or regrouped for compaction. 
The predefined attributes SourceFile, ConstantValue, Exceptions, LineNumberTable, and 
LocalVariableTable may be eliminated without sacrificing any information required for Java byte code 
interpretation. 

The predefined attribute Code, which contains all the byte codes for a particular method, is moved into the 
corresponding MethodInfo structure. 



Constraints on Java Card Virtual Machine Code 

The Java Card Virtual Machine code for a method, instance initialization method, or class or interface 
initialization method is stored in the array code of the MethodInfo structure of a card class file. Both the 
static and the structural constraints on this code array are the same as those described in the Red book. 

Limitations of the Java Card Virtual Machine and Java Card class File Format 

The following limitations in the Java Card Virtual Machine are imposed by this version of the Java Card 
Virtual Machine specification: 

• The per-card class file constant pool is limited to 65535 entries by the 16-bit const_size field of the 
CardClassFile structure (0). This acts as an internal limit on the total complexity of a single card class 
file. This count also includes the entries corresponding to the constant pool of the class hierarchy 
available to the application in the card.^ 

• The amount of code per method is limited to 65535 bytes by the sizes of the indices in the MethodInfo 
structure. 

• The number of local variables in a method is limited to 255 by the size of the max_local item of the 
MethodInfo structure (0). 

• The number of fields of a class is limited to 510 by the size of the max_field and the max_sfield items 
of the ClassInfo structure (0). 

• The number of methods of a class is limited to 255 by the size of the max_method item of the ClassInfo 
structure (0). 

• The size of an operand stack is limited to 255 words by the max_stack field of the MethodInfo structure 

^ A single card class file constant pool has 65535-A entries available, where A corresponds to the number of 
entries in the constant pool of the class hierarchies accessible to the application. 

String To ID Input And Output 

For the correct operation of Card JVM it is very important that the declared and generated IDs are correctly 
managed. This management is controlled by the definitions in the string to ID input file, String-ID INMap. 
This textual file, the basis for which is shown below, declares which areas of the namespace can be used for 
what purposes. One possible arrangement of this map may reserve some IDs for internal use by the Card 
JVM interpreter, and the rest is allocated to Card JVM applications. 

# 
# String-ID INMap file. 
# 
# 4000 - 7FFF Available for application use. 
# F000 - FFFE Reserved for Card JVM's internal use. 
# 

constantBase F000       # The area from F000 to FFFF is reserved for 
                        # Card JVM's internal use. 
MainApplication         # F000 - Name of the startup class 
                        # (changes for each application) 
main()V                 # F001 - Name of the startup method 
                        # (may change for each application) 
java/lang/Object        # F002 
java/lang/String        # F003 
<init>()V               # F004 
<clinit>()V             # F005 
[L                      # F006 
[I                      # F007 
[C                      # F008 
[B                      # F009 
[S                      # F00A 
# 
constantBase FFF0       # This area is reserved for simple return types. 
L                       # FFF0 
V                       # FFF1 
I                       # FFF2 
S                       # FFF3 
C                       # FFF4 
B                       # FFF5 
Z                       # FFF6 
# 
constantBase 4000       # From here on this space is application dependent. 



Applications which are to be loaded into a smart card are allocated their own IDs within the range 
0x4000 to 0x7FFF. This space is free for each application since no loaded application is permitted to access 
other applications. 

Care must be taken on managing the IDs for preloaded class libraries. The management of these IDs is 
helped by the (optional) generation of the string to ID output file, String-ID OUTMap. This map is the 
String-ID INMap augmented with the new String-ID bindings. These bindings may be produced when the 
Card Class File Converter application terminates. The String-ID OUTMap is generated for support 
libraries and OS interfaces loaded on the card. This map may be used as the String-ID INMap for smart 
card applications using the support libraries and OS interfaces loaded on the card. When building new 
applications this file can generally be discarded. 

As an example consider the following Java program, HelloSmartCard.java. When compiled it generates a 
class file HelloSmartCard.class. This class file has embedded in it strings that represent the class name, 
methods and type information. On the basis of the String-ID INMap described above, Card Class File 
Converter generates a card class file that replaces the strings present in the class file with IDs allocated by 
Card Class File Converter. Table 1 lists the strings found in the constant pool of HelloSmartCard.class with 
their respective Card Class File Converter assigned IDs. Note that some strings (like 
"java/lang/Object") have a pre-assigned value (F002) and some strings (like "()V") get a new 
value (4004). 



public class HelloSmartCard { 
    public byte aVariable; 

    public static void main() { 
        HelloSmartCard h = new HelloSmartCard(); 
        h.aVariable = (byte) 13; 
    } 
} 

Program: HelloSmartCard.java 



Offset (in Constant Pool)   String                   ID     Mapped New/Mapped/Old 
00000A                      "Code"                   4000   New 
000011                      "SourceFile"             4001   New 
00001E                      "ConstantValue"          4002   New 
00002E                      "Exceptions"             4003   New 
00003B                      "HelloSmartCard"         F000   Old 
00004C                      "java/lang/Object"       F002   Old 
000062                      "<init>"                 F004   Old 
00006E                      "()V"                    4004   New 
000074                      "aVariable"              4005   New 
00008A                      "B"                      FFF5   Old 
00008E                      "HelloSmartCard.java"    4006   New 
0000B3                      "main"                   F001   Old 

Relevant entries of String-ID OUTMap 
Byte codes supported by the Card JVM in the preferred embodiment 

AALOAD 
AASTORE 
ACONST_NULL 
ALOAD 
ALOAD_0 
ALOAD_1 
ALOAD_3 
ARETURN 
ASTORE 
ASTORE_0 
ASTORE_1 
ASTORE_2 
ASTORE_3 
ATHROW 
BALOAD 
BASTORE 
CHECKCAST 
DUP 
DUP2 
DUP2_X2 
DUP_X1 
DUP_X2 
GETFIELD 
GETSTATIC 
GOTO 
IADD 
IALOAD 
IAND 
IASTORE 
ICONST_0 
ICONST_2 
ICONST_3 
ICONST_5 
ICONST_M1 
IDIV 
IFEQ 
IFGE 
IFGT 
IFLE 
IFLT 
IFNE 
IFNONNULL 
IFNULL 
IF_ACMPEQ 
IF_ACMPNE 
IF_ICMPEQ 
IF_ICMPGE 
IF_ICMPGT 
IF_ICMPLE 
IF_ICMPLT 
IF_ICMPNE 
IINC 
ILOAD 
ILOAD_0 
ILOAD_1 
ILOAD_2 
ILOAD_3 
IMUL 
INEG 
INSTANCEOF 
INT2BYTE 
INT2SHORT 
INVOKEINTERFACE 
INVOKENONVIRTUAL 
INVOKESTATIC 
INVOKEVIRTUAL 
IOR 
IREM 
IRETURN 
ISTORE 
ISTORE_0 
ISTORE_1 
ISTORE_2 
ISTORE_3 
ISUB 
IUSHR 
IXOR 
JSR 
LDC1 
LDC2 
LOOKUPSWITCH 
NEW 
NEWARRAY 
NOP 
POP 
POP2 
PUTFIELD 
PUTSTATIC 
RET 
RETURN 
SALOAD 
SASTORE 
SIPUSH 
SWAP 
TABLESWITCH 
BIPUSH 





Standard Java byte codes numbers for the byte codes supported in the 
preferred embodiment 



package util; 

/* 
 * List of actual Java Bytecodes handled by this JVM 
 * ref. Lindholm and Yellin. 
 * 
 * Copyright (c) 1996 Schlumberger Austin Products Center, 
 * Schlumberger, Austin, Texas, USA. 
 */ 

public interface BytecodeDefn { 

    public static final byte j_NOP = (byte) 0; 
    public static final byte ACONST_NULL = (byte) 1; 
    public static final byte ICONST_M1 = (byte) 2; 
    public static final byte ICONST_0 = (byte) 3; 
    public static final byte ICONST_1 = (byte) 4; 
    public static final byte ICONST_2 = (byte) 5; 
    public static final byte ICONST_3 = (byte) 6; 
    public static final byte ICONST_4 = (byte) 7; 
    public static final byte ICONST_5 = (byte) 8; 
    public static final byte BIPUSH = (byte) 16; 
    public static final byte SIPUSH = (byte) 17; 
    public static final byte LDC1 = (byte) 18; 
    public static final byte LDC2 = (byte) 19; 
    public static final byte ILOAD = (byte) 21; 
    public static final byte ALOAD = (byte) 25; 
    public static final byte ILOAD_0 = (byte) 26; 
    public static final byte ILOAD_1 = (byte) 27; 
    public static final byte ILOAD_2 = (byte) 28; 
    public static final byte ILOAD_3 = (byte) 29; 
    public static final byte ALOAD_0 = (byte) 42; 
    public static final byte ALOAD_1 = (byte) 43; 
    public static final byte ALOAD_2 = (byte) 44; 
    public static final byte ALOAD_3 = (byte) 45; 
    public static final byte IALOAD = (byte) 46; 
    public static final byte AALOAD = (byte) 50; 
    public static final byte BALOAD = (byte) 51; 
    public static final byte CALOAD = (byte) 52; 
    public static final byte ISTORE = (byte) 54; 
    public static final byte ASTORE = (byte) 58; 
    public static final byte ISTORE_0 = (byte) 59; 
    public static final byte ISTORE_1 = (byte) 60; 
    public static final byte ISTORE_2 = (byte) 61; 
    public static final byte ISTORE_3 = (byte) 62; 
    public static final byte ASTORE_0 = (byte) 75; 
    public static final byte ASTORE_1 = (byte) 76; 
    public static final byte ASTORE_2 = (byte) 77; 
    public static final byte ASTORE_3 = (byte) 78; 
    public static final byte IASTORE = (byte) 79; 
    public static final byte AASTORE = (byte) 83; 
    public static final byte BASTORE = (byte) 84; 
    public static final byte CASTORE = (byte) 85; 
    public static final byte POP = (byte) 87; 
    public static final byte POP2 = (byte) 88; 
    public static final byte DUP = (byte) 89; 
    public static final byte DUP_X1 = (byte) 90; 
    public static final byte DUP_X2 = (byte) 91; 
    public static final byte DUP2 = (byte) 92; 
    public static final byte DUP2_X1 = (byte) 93; 
    public static final byte DUP2_X2 = (byte) 94; 
    public static final byte SWAP = (byte) 95; 
    public static final byte IADD = (byte) 96; 
    public static final byte ISUB = (byte) 100; 
    public static final byte IMUL = (byte) 104; 
    public static final byte IDIV = (byte) 108; 
    public static final byte IREM = (byte) 112; 
    public static final byte INEG = (byte) 116; 
    public static final byte ISHL = (byte) 120; 
    public static final byte ISHR = (byte) 122; 
    public static final byte IUSHR = (byte) 124; 
    public static final byte IAND = (byte) 126; 
    public static final byte IOR = (byte) 128; 
    public static final byte IXOR = (byte) 130; 
    public static final byte IINC = (byte) 132; 
    public static final byte INT2BYTE = (byte) 145; 
    public static final byte INT2CHAR = (byte) 146; 
    public static final byte INT2SHORT = (byte) 147; 
    public static final byte IFEQ = (byte) 153; 
    public static final byte IFNE = (byte) 154; 
    public static final byte IFLT = (byte) 155; 
    public static final byte IFGE = (byte) 156; 
    public static final byte IFGT = (byte) 157; 
    public static final byte IFLE = (byte) 158; 
    public static final byte IF_ICMPEQ = (byte) 159; 
    public static final byte IF_ICMPNE = (byte) 160; 
    public static final byte IF_ICMPLT = (byte) 161; 
    public static final byte IF_ICMPGE = (byte) 162; 
    public static final byte IF_ICMPGT = (byte) 163; 
    public static final byte IF_ICMPLE = (byte) 164; 
    public static final byte IF_ACMPEQ = (byte) 165; 
    public static final byte IF_ACMPNE = (byte) 166; 
    public static final byte GOTO = (byte) 167; 
    public static final byte j_JSR = (byte) 168; 
    public static final byte RET = (byte) 169; 
    public static final byte TABLESWITCH = (byte) 170; 
    public static final byte LOOKUPSWITCH = (byte) 171; 
    public static final byte IRETURN = (byte) 172; 
    public static final byte ARETURN = (byte) 176; 
    public static final byte RETURN = (byte) 177; 
    public static final byte GETSTATIC = (byte) 178; 
    public static final byte PUTSTATIC = (byte) 179; 
    public static final byte GETFIELD = (byte) 180; 
    public static final byte PUTFIELD = (byte) 181; 
    public static final byte INVOKEVIRTUAL = (byte) 182; 
    public static final byte INVOKENONVIRTUAL = (byte) 183; 
    public static final byte INVOKESTATIC = (byte) 184; 
    public static final byte INVOKEINTERFACE = (byte) 185; 
    public static final byte NEW = (byte) 187; 
    public static final byte NEWARRAY = (byte) 188; 
    public static final byte ARRAYLENGTH = (byte) 190; 
    public static final byte ATHROW = (byte) 191; 
    public static final byte CHECKCAST = (byte) 192; 
    public static final byte INSTANCEOF = (byte) 193; 
    public static final byte IFNULL = (byte) 198; 
    public static final byte IFNONNULL = (byte) 199; 
} 
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APPENDIX D 

Card Class File Converter byte code conversion process 

/*
 * Reprocess code block.
 */
static
void
reprocessMethod(iMethod* imeth)
{
    int pc;
    int npc;
    int align;
    bytecode* code;
    int codelen;
    int i;
    int opad;
    int npad;
    int apc;
    int high;
    int low;

    /* codeinfo is a table that keeps track of the valid Java bytecodes and their
     * corresponding translation
     */

    code = imeth->external->code;
    codelen = imeth->external->code_length;

    jumpPos = 0;
    align = 0;

    /* Scan for unsupported opcodes */
    for (pc = 0; pc < codelen; pc = npc) {
        if (codeinfo[code[pc]].valid == 0) {
            error("Unsupported opcode %d", code[pc]);
        }
        npc = nextPC(pc, code);
    }

    /* Scan for jump instructions and insert into jump table */
    for (pc = 0; pc < codelen; pc = npc) {
        npc = nextPC(pc, code);

        if (codeinfo[code[pc]].valid == 3) {
            insertJump(pc+1, pc, (int16)((code[pc+1] << 8) | code[pc+2]));
        }
        else if (codeinfo[code[pc]].valid == 4) {
            apc = pc & -4;
            low = (code[apc+8] << 24) | (code[apc+9] << 16)
                | (code[apc+10] << 8) | code[apc+11];
            high = (code[apc+12] << 24) | (code[apc+13] << 16)
                | (code[apc+14] << 8) | code[apc+15];
            for (i = 0; i < high-low+1; i++) {
                insertJump(apc+(i*4)+18, pc,
                    (int16)((code[apc+(i*4)+18] << 8) | code[apc+(i*4)+19]));
            }
            insertJump(apc+6, pc, (int16)((code[apc+6] << 8) | code[apc+7]));
        }
        else if (codeinfo[code[pc]].valid == 5) {
            apc = pc & -4;
            low = (code[apc+8] << 24) | (code[apc+9] << 16)
                | (code[apc+10] << 8) | code[apc+11];
            for (i = 0; i < low; i++) {
                insertJump(apc+(i*8)+18, pc,
                    (int16)((code[apc+(i*8)+18] << 8) | code[apc+(i*8)+19]));
            }
            insertJump(apc+6, pc, (int16)((code[apc+6] << 8) | code[apc+7]));
        }
    }

#ifdef TRANSLATE_BYTECODE
    /* Translate specific opcodes to general ones */
    for (pc = 0; pc < codelen; pc = npc) {
        /* This is a translation code */
        if (codeinfo[code[pc]].valid == 2) {
            switch (code[pc]) {
            case ILOAD_0:
            case ILOAD_1:
            case ILOAD_2:
            case ILOAD_3:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = code[pc] - ILOAD_0;
                code[pc+0] = ILOAD;
                break;

            case ALOAD_0:
            case ALOAD_1:
            case ALOAD_2:
            case ALOAD_3:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = code[pc] - ALOAD_0;
                code[pc+0] = ALOAD;
                break;

            case ISTORE_0:
            case ISTORE_1:
            case ISTORE_2:
            case ISTORE_3:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = code[pc] - ISTORE_0;
                code[pc+0] = ISTORE;
                break;

            case ASTORE_0:
            case ASTORE_1:
            case ASTORE_2:
            case ASTORE_3:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = code[pc] - ASTORE_0;
                code[pc+0] = ASTORE;
                break;

            case ICONST_M1:
                insertSpace(code, &codelen, pc, 2);
                align += 2;
                code[pc+2] = 255;
                code[pc+1] = 255;
                code[pc+0] = SIPUSH;
                break;

            case ICONST_0:
            case ICONST_1:
            case ICONST_2:
            case ICONST_3:
            case ICONST_4:
            case ICONST_5:
                insertSpace(code, &codelen, pc, 2);
                align += 2;
                code[pc+2] = code[pc] - ICONST_0;
                code[pc+1] = 0;
                code[pc+0] = SIPUSH;
                break;

            case LDC1:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                code[pc+1] = 0;
                code[pc+0] = LDC2;
                break;

            case BIPUSH:
                insertSpace(code, &codelen, pc, 1);
                align += 1;
                /* Sign-extend the 8-bit operand into the new high byte */
                if ((int8)code[pc+2] >= 0) {
                    code[pc+1] = 0;
                }
                else {
                    code[pc+1] = 255;
                }
                code[pc+0] = SIPUSH;
                break;

            case INT2SHORT:
                removeSpace(code, &codelen, pc, 1);
                align -= 1;
                npc = pc;
                continue;
            }
        }
        else if (codeinfo[code[pc]].valid == 4 || codeinfo[code[pc]].valid == 5) {
            /* Switches are aligned to 4 byte boundaries. Since we are inserting and
             * removing bytecodes, this may change the alignment of switch instructions.
             * Therefore, we must readjust the padding in switches to compensate.
             */
            opad = (4 - (((pc+1) - align) % 4)) % 4; /* Current switch padding */
            npad = (4 - ((pc+1) % 4)) % 4;           /* New switch padding */

            if (npad > opad) {
                insertSpace(code, &codelen, pc+1, npad - opad);
                align += (npad - opad);
            }
            else if (npad < opad) {
                removeSpace(code, &codelen, pc+1, opad - npad);
                align -= (opad - npad);
            }
        }

        npc = nextPC(pc, code);
    }
#endif



    /* Relink constants */
    for (pc = 0; pc < codelen; pc = npc) {
        npc = nextPC(pc, code);

        i = (uint16)((code[pc+1] << 8) + code[pc+2]);

        switch (code[pc]) {
        case LDC2:
            /* 'i' == general index */
            switch (cItem(i).type) {
            case CONSTANT_Integer:
                i = cItem(i).v.tint;
                code[pc] = SIPUSH;
                break;

            case CONSTANT_String:
                i = buildStringIndex(i);
                break;

            default:
                error("Unsupported loading of constant type");
                break;
            }
            break;

        case NEW:
        case INSTANCEOF:
        case CHECKCAST:
            /* 'i' == class index */
            i = buildClassIndex(i);
            break;

        case GETFIELD:
        case PUTFIELD:
            /* 'i' == field index */
            /* i = buildFieldSignatureIndex(i); */
            i = buildStaticFieldSignatureIndex(i);
            break;

        case GETSTATIC:
        case PUTSTATIC:
            /* 'i' == field index */
            i = buildStaticFieldSignatureIndex(i);
            break;

        case INVOKEVIRTUAL:
        case INVOKENONVIRTUAL:
        case INVOKESTATIC:
        case INVOKEINTERFACE:
            /* 'i' == method signature index */
            i = buildSignatureIndex(i);
            break;
        }

        /* Insert application constant reference */
        code[pc+1] = (i >> 8) & 0xFF;
        code[pc+2] = i & 0xFF;
    }

#ifdef MODIFY_BYTECODE
    /* Translate codes */
    for (pc = 0; pc < codelen; pc = npc) {
        npc = nextPC(pc, code);
        code[pc] = codeinfo[code[pc]].translation;
    }
#endif

    /* Relink jumps */
    for (i = 0; i < jumpPos; i++) {
        apc = jumpTable[i].at;
        pc = jumpTable[i].from;
        npc = jumpTable[i].to - pc;

        code[apc+0] = (npc >> 8) & 0xFF;
        code[apc+1] = npc & 0xFF;
    }

    /* Fixup length */
    imeth->external->code_length = codelen;
imeth->e5ize » (SIZEOFMSTKOO > codelen 3) & 



> 



> 
APPENDIX E



Example Loading And Execution Control Program 



public class Bootstrap {

    // Constants used throughout the program
    static final byte BUFFER_LENGTH        = 32;
    static final byte ACK_SIZE             = (byte)1;
    static final byte ACK_CODE             = (byte)0;
    static final byte OS_HEADER_SIZE       = (byte)0x10;
    static final byte GPOS_CREATE_FILE     = (byte)0xE0;

    static final byte ST_INVALID_CLASS     = (byte)0xC0;
    static final byte ST_INVALID_PARAMETER = (byte)0xA0;
    static final byte ST_INS_NOT_SUPPORTED = (byte)0xB0;
    static final byte ST_SUCCESS           = (byte)0x00;

    static final byte ISO_COMMAND_LENGTH   = (byte)5;
    static final byte ISO_READ_BINARY      = (byte)0xB0;
    static final byte ISO_UPDATE_BINARY    = (byte)0xD6;
    static final byte ISO_INIT_APPLICATION = (byte)0xF2;
    static final byte ISO_VERIFY_KEY       = (byte)0x2A;
    static final byte ISO_SELECT_FILE      = (byte)0xA4;

    static final byte ISO_CLASS            = (byte)0xC0;
    static final byte ISO_APP_CLASS        = (byte)0xF0;


    public static void main() {
        byte pbuffer[] = new byte[ISO_COMMAND_LENGTH];
        byte dbuffer[] = new byte[BUFFER_LENGTH];
        byte ackByte[] = new byte[ACK_SIZE];
        //short fileId;
        short offset;
        byte bReturnStatus;

        // Initialize communications
        _OS.SendATR();

        do {
            // Retrieve the command header
            _OS.GetMessage(pbuffer, ISO_COMMAND_LENGTH, ACK_CODE);

            // Verify class of the message - Only ISO + Application
            if ((pbuffer[0] != ISO_APP_CLASS)
                && (pbuffer[0] != ISO_CLASS)) {
                _OS.SendStatus(ST_INVALID_CLASS);
            }
            else {
                // go through the switch
                // Send the acknowledge code
                // Verify if data length too large
                if (pbuffer[4] > BUFFER_LENGTH) {
                    bReturnStatus = ST_INVALID_PARAMETER;
                }
                else
                {
                    switch (pbuffer[1]) {
                    case ISO_SELECT_FILE:
                        // we always assume that length is 2
                        if (pbuffer[4] != 2) {
                            bReturnStatus = ST_INVALID_PARAMETER;
                        }
                        else
                        {
                            // get the fileId(offset) in the data buffer
                            _OS.GetMessage(dbuffer, (byte)2, pbuffer[1]);
                            // cast dbuffer[0..1] into a short
                            offset = (short)((dbuffer[0] << 8) | (dbuffer[1] & 0x00FF));
                            bReturnStatus = _OS.SelectFile(offset);
                        }
                        break;

                    case ISO_VERIFY_KEY:
                        // Get the Key from the terminal
                        _OS.GetMessage(dbuffer, pbuffer[4], pbuffer[1]);
                        bReturnStatus = _OS.VerifyKey(pbuffer[3],
                                                      dbuffer,
                                                      pbuffer[4]);
                        break;

                    case ISO_INIT_APPLICATION:
                        // Should send the id of a valid program file
                        _OS.GetMessage(dbuffer, (byte)1, pbuffer[1]);
                        // compute fileId(offset) from pbuffer[2..3] via casting
                        offset = (short)((pbuffer[2] << 8) | (pbuffer[3] & 0x00FF));
                        bReturnStatus = _OS.Execute(offset,
                                                    dbuffer[0]);
                        break;

                    case GPOS_CREATE_FILE:
                        if (pbuffer[4] != OS_HEADER_SIZE) {
                            bReturnStatus = ST_INVALID_PARAMETER;
                            break;
                        }
                        // Receive the data
                        _OS.GetMessage(dbuffer, pbuffer[4], pbuffer[1]);
                        bReturnStatus = _OS.CreateFile(dbuffer);
                        break;

                    case ISO_UPDATE_BINARY:
                        _OS.GetMessage(dbuffer, pbuffer[4], pbuffer[1]);
                        // compute offset from pbuffer[2..3] via casting
                        offset = (short)((pbuffer[2] << 8) | (pbuffer[3] & 0x00FF));
                        // assumes that a file is already selected
                        bReturnStatus = _OS.WriteBinaryFile(offset,
                                                            pbuffer[4],
                                                            dbuffer);
                        break;

                    case ISO_READ_BINARY:
                        // compute offset from pbuffer[2..3] via casting
                        offset = (short)((pbuffer[2] << 8) | (pbuffer[3] & 0x00FF));
                        // assumes that a file is already selected
                        bReturnStatus = _OS.ReadBinaryFile(offset,
                                                           pbuffer[4],
                                                           dbuffer);
                        // Send the data if successful
                        ackByte[0] = pbuffer[1];
                        if (bReturnStatus == ST_SUCCESS) {
                            _OS.SendMessage(ackByte, ACK_SIZE);
                            _OS.SendMessage(dbuffer, pbuffer[4]);
                        }
                        break;

                    default:
                        bReturnStatus = ST_INS_NOT_SUPPORTED;
                    }
                }
                _OS.SendStatus(bReturnStatus);
            }
        }
        while (true);
    }
}
APPENDIX F



Methods For Accessing Card Operating System Capabilities In 
The Preferred Embodiment 



public class _OS {

    // General File Manipulation
    static native byte  SelectFile           (short file_id);
    static native byte  SelectParent         ();
    static native byte  SelectCD             ();
    static native byte  SelectRoot           ();
    static native byte  CreateFile           (byte file_hdr[]);
    static native byte  DeleteFile           (short file_id);
    static native byte  ResetFile            ();
    static native byte  ReadByte             (byte offset);
    static native short ReadWord             (byte offset);

    // Header Manipulation
    static native byte  GetFileInfo          (byte file_hdr[]);

    // Binary File support
    static native byte  ReadBinaryFile       (short offset,
                                              byte data_length,
                                              byte buffer[]);
    static native byte  WriteBinaryFile      (short offset,
                                              byte data_length,
                                              byte buffer[]);

    // Record File support
    static native byte  SelectRecord         (byte record_nb,
                                              byte mode);
    static native byte  NextRecord           ();
    static native byte  PreviousRecord       ();
    static native byte  ReadRecord           (byte record_data[],
                                              byte record_nb,
                                              byte offset,
                                              byte length);
    static native byte  WriteRecord          (byte buffer[],
                                              byte record_nb,
                                              byte offset,
                                              byte length);

    // Cyclic File Support
    static native byte  LastUpdatedRec       ();

    // Messaging Functions
    static native byte  GetMessage           (byte buffer[],
                                              byte expected_length,
                                              byte ack_code);
    static native byte  SendMessage          (byte buffer[],
                                              byte data_length);
    static native byte  SetSpeed             (byte speed);

    // Identity Management
    static native byte  CheckAccess          (byte ac_action);
    static native byte  VerifyKey            (byte key_number,
                                              byte key_buffer[],
                                              byte key_length);
    static native byte  VerifyCHV            (byte CHV_number,
                                              byte CHV_buffer[],
                                              byte unblock_flag);
    static native byte  ModifyCHV            (byte CHV_number,
                                              byte old_CHV_buffer[],
                                              byte new_CHV_buffer[],
                                              byte unblock_flag);
    static native byte  GetFileStatus        ();
    static native byte  SetFileStatus        (byte file_status);
    static native byte  GrantSupervisorMode  ();
    static native byte  RevokeSupervisorMode ();
    static native byte  SetFileACL           (byte file_acl[]);
    static native byte  GetFileACL           (byte file_acl[]);

    // File context manipulation
    static native void  InitFileStatus       ();
    static native void  BackupFileStatus     ();
    static native void  RestoreFileStatus    ();

    // Utilities
    static native byte  CompareBuffer        (byte pattern_length,
                                              byte buffer_1[],
                                              byte buffer_2[]);
    static native short AvailableMemory      ();
    static native void  ResetCard            (byte mode);
    static native byte  SendATR              ();
    static native byte  SetDefaultATR        (byte buffer[],
                                              byte length);
    static native byte  Execute              (short file_id,
                                              byte flag);

    // Global state variable functions
    static native byte  GetIdentity          ();
    static native byte  GetRecordNb          ();
    static native short GetApplicationId     ();
    static native byte  GetRecordLength      ();
    static native byte  GetFileType          ();
    static native short GetFileLength        ();
    static native void  SendStatus           (byte status);
}
APPENDIX G



Byte Code Attributes Tables 

Dividing Java byte codes into type groups 

Each bytecode has a 5-bit type associated with it. This is used to group the codes into similarly behaving
sets. In general this behaviour reflects how the types of byte codes operate on the stack, but types 0, 13, 14, and 15
reflect specific kinds of instructions as denoted in the comments section.

The table below illustrates the state of the stack before and after each type of instruction is executed.
Type Before execution After execution Comment



0 
1 
2 
3 
4 
5 
6 
7 
3 
9 
10 
11 
12 
13 
14 
15 
16 



push (1) 



push(l) 
stkO==ref 



stkO==int 
stkO==int 
stkO==ref 
stkO==int 
push ( 1 ) 



stkO==int 
stkO==inc 
stkO==int 



stkl 



stkl 



stkl 



int 



int 



int 



pop ( 3 ) 
pop(l) 
pop(l) 
pop(l) 
stkO<- 
stkO<- 
stkO<- 



pop ( 1 ) 
pop(l) 
pop (2) 



stkO<- 



int 
ref 
int 



ref 



DUPs, SWAP instructions 
INVOKE instructions 
FIELDS instructions 



Illegal instruction 




Using Standard Java Byte Code (without reordering) - Attribute Lookup Table 



/*
 * Table of bytecode decode information. This contains a bytecode type
 * and a bytecode length. We currently support all standard bytecodes
 * (ie. no quicks) which gives us codes 0 to 201 (202 codes in all).
 */

#define T_   0
#define T3   1
#define T6   2
#define T1   3
#define T2   4
#define T7   5
#define T9   6
#define T8   7
#define T12  8
#define T10  9
#define T5   10
#define T11  11
#define T16  12
#define T4   13
#define T13  14
#define T14  15
#define T15  16

#define D(T,L)                         _BUILD_ITYPE_AND_ILENGTH(T, L)
#define _BUILD_ITYPE_AND_ILENGTH(T,L)  (_BUILD_ITYPE(T)|_BUILD_ILENGTH(L))
#define _BUILD_ITYPE(T)                ((T) << 3)
#define _BUILD_ILENGTH(L)              (L)
#define _GET_ITYPE(I)                  ((I) & 0xF8)
#define _GET_ILENGTH(I)                ((I) & 0x07)



const uint8 _SCODE _decodeinfo[256] = {
    D( T4 ,         /* NOP */
    D( T11 ,        /* ACONST_NULL */
    D( T10 ,        /* ICONST_M1 */
    D( T10 ,        /* ICONST_0 */
    D( T10 ,        /* ICONST_1 */
    D( T10 ,        /* ICONST_2 */
    D( T10 ,        /* ICONST_3 */
    D( T10 ,        /* ICONST_4 */
    D( T10 ,        /* ICONST_5 */
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T10 ,        /* BIPUSH */
    D( T10 ,        /* SIPUSH */
    D( T_ ,         /* LDC1 */
    D( T11 ,        /* LDC2 */
    D( T_ ,
    D( T5 , 2 ),    /* ILOAD */
    D( T_ , 2 ),
    D( T_ , 2 ),
    D( T_ , 2 ),
    D( T5 , 2 ),    /* ALOAD */
    D( T5 ,         /* ILOAD_0 */
    D( T5 ,         /* ILOAD_1 */
    D( T5 ,         /* ILOAD_2 */
    D( T5 ,         /* ILOAD_3 */
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T5 , 1 ),    /* ALOAD_0 */
    D( T5 , 1 ),    /* ALOAD_1 */
    D( T5 , 1 ),    /* ALOAD_2 */
    D( T5 , 1 ),    /* ALOAD_3 */


    D( T_ , 1 ),    /* IALOAD */
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),    /* AALOAD */
    D( T7 , 1 ),    /* BALOAD */
    D( T_ , 1 ),    /* CALOAD */
    D( T7 , 1 ),    /* SALOAD */
    D( T2 , 2 ),    /* ISTORE */
    D( T_ , 2 ),
    D( T_ , 2 ),
    D( T_ , 2 ),
    D( T8 , 2 ),    /* ASTORE */
    D( T2 , 1 ),    /* ISTORE_0 */
    D( T2 , 1 ),    /* ISTORE_1 */
    D( T2 , 1 ),    /* ISTORE_2 */
    D( T2 , 1 ),    /* ISTORE_3 */
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T8 , 1 ),    /* ASTORE_0 */
    D( T8 , 1 ),    /* ASTORE_1 */
    D( T8 , 1 ),    /* ASTORE_2 */
    D( T8 , 1 ),    /* ASTORE_3 */
    D( T_ , 1 ),    /* IASTORE */
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),    /* AASTORE */
    D( T6 , 1 ),    /* BASTORE */
    D( T_ , 1 ),    /* CASTORE */
    D( T6 , 1 ),    /* SASTORE */
    D( T2 , 1 ),    /* POP */
    D( T3 , 1 ),    /* POP2 */
    D( T13 , 1 ),   /* DUP */
    D( T13 , 1 ),   /* DUP_X1 */
    D( T13 , 1 ),   /* DUP_X2 */
    D( T13 , 1 ),   /* DUP2 */
    D( T13 , 1 ),   /* DUP2_X1 */
    D( T13 , 1 ),   /* DUP2_X2 */
    D( T13 , 1 ),   /* SWAP */


    D( T1 , 1 ),    /* IADD */
    D( T_ , 1 ),
    D( T_ ,
    D( T_ ,
    D( T1 ,         /* ISUB */
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T1 ,         /* IMUL */
    D( T_ ,
    D( T_ ,
    D( T_ , 1 ),
    D( T1 , 1 ),    /* IDIV */
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T1 , 1 ),    /* IREM */
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T9 , 1 ),    /* INEG */
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T1 , 1 ),    /* ISHL */
    D( T_ , 1 ),
    D( T1 , 1 ),    /* ISHR */
    D( T_ , 1 ),
    D( T1 , 1 ),    /* IUSHR */
    D( T_ , 1 ),
    D( T1 , 1 ),    /* IAND */
    D( T_ , 1 ),
    D( T1 , 1 ),    /* IOR */
    D( T_ , 1 ),
    D( T1 , 1 ),    /* IXOR */
    D( T_ , 1 ),
    D( T4 , 3 ),    /* IINC */
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T9 , 1 ),    /* INT2BYTE */
    D( T9 , 1 ),    /* INT2CHAR */
    D( T_ , 1 ),    /* INT2SHORT */
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T_ , 1 ),
    D( T2 , 3 ),    /* IFEQ */
    D( T2 , 3 ),    /* IFNE */
    D( T2 , 3 ),    /* IFLT */
    D( T2 , 3 ),    /* IFGE */
    D( T2 , 3 ),    /* IFGT */
    D( T2 , 3 ),    /* IFLE */
    D( T3 , 3 ),    /* IF_ICMPEQ */
    D( T3 , 3 ),    /* IF_ICMPNE */
    D( T3 , 3 ),    /* IF_ICMPLT */
    D( T3 , 3 ),    /* IF_ICMPGE */
    D( T3 , 3 ),    /* IF_ICMPGT */
    D( T3 , 3 ),    /* IF_ICMPLE */
    D( T3 , 3 ),    /* IF_ACMPEQ */
    D( T3 , 3 ),    /* IF_ACMPNE */
    D( T4 , 3 ),    /* GOTO */
    D( T_ , 3 ),    /* JSR */
    D( T_ , 2 ),    /* RET */
    D( T2 , 0 ),    /* TABLESWITCH */
    D( T2 , 0 ),    /* LOOKUPSWITCH */
    D( T2 ,         /* IRETURN */
    D( T_ ,
    D( T_ ,
    D( T_ ,
    D( T8 ,         /* ARETURN */
    D( T4 , 1 ),    /* RETURN */



D{ T15 

D{ T15 

D( T15 

D{ T15 

D( T14 

D( T14 

D( T14 

D( T14 

D{ T_ 

D{ Til 

0{ T16 

D( T12 
D( T8 
D( T16 
D( T12 
0{ T. 
D{ T_ 
D{ T_ 
D( T_ 
D( T8 
D( T8 
D( T_ 
D( T_ 
DC T_ 
D( T„ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D{ T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D< T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D{ T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 
D( T_ 



/• GETSTATIC */ 

/• PUTSTATIC ■ '/ 

/• GETFIELD */ 

/• PUTFIELD •/ 

/• INVOKEVIRTUAL */ 

/• INVOKESPECIAL */ 

/• INVOKESTATIC */ 

/• INVOKEINTERFACE ' 

/• NEW •/ 

/• NEWARRAY '/ 

/• ARRAYLENGTH */ 

/• ATHROW '/ 

/• CHECKCAST '/ 

/• INSTANCEOF '/ 



/* IFNULL */ 
/♦ IFNONNULL •/ 
APPENDIX H

Checks Done On Java Byte Codes By Type 



Decoding the instruction. This gives us the length to generate the next PC, and the instruction type:

    pcarg1 = _GET_ILENGTH(_decodeinfo[insn]);
    itype = _GET_ITYPE(_decodeinfo[insn]);

Implement some pre-execution checks based on this:

    /* Check the input stack state based on the instruction type */
    if (itype <= ITYPE9) {
        if (itype <= ITYPE1) {
            check_stack_int(1);
        }
        check_stack_int(0);
    }
    else if (itype <= ITYPE12) {
        check_stack_ref(0);
    }
    else if (itype < ITYPE11) {
        push(1);
    }

Finally, implement some post execution checks:

    /* Set the output state */
    if (itype <= ITYPE8) {
        if (itype <= ITYPE6) {
            if (itype >= ITYPE6) {
                pop(1);
            }
            pop(1);
        }
        pop(1);
    }
    else if (itype <= ITYPE10) {
        set_stack_int(0);
    }
    else if (itype >= ITYPE11 && itype <= ITYPE16) {
        set_stack_ref(0);
    }
APPENDIX I

Checks Done On Renumbered Java Byte Codes 



Get the instruction. The numeric value of the instruction implicitly contains the instruction type: 

    insn = getpc(-1);

Implement some pre-execution checks based on this:

    /*
     * Check input stack state. By renumbering the byte codes we can
     * perform the necessary security checks by testing if the value of the
     * byte code (and hence the byte code) belongs to the correct group
     */
    if (insn <= TYPE9_END) {
        if (insn <= TYPE1_END) {
            check_stack_int(1);
        }
        check_stack_int(0);
    }
    else if (insn <= TYPE12_END) {
        check_stack_ref(0);
    }
    else if (insn <= TYPE11_END) {
        push(1);
    }

Finally, implement some post execution checks:

    /*
     * Set output stack state.
     */
    if (insn <= TYPE8_END) {
        if (insn <= TYPE6_END) {
            if (insn >= TYPE6_START) {
                pop(1);
            }
            pop(1);
        }
        pop(1);
    }
    else if (insn <= TYPE10_END) {
        set_stack_int(0);
    }
    else if (insn >= TYPE11_START && insn <= TYPE16_END) {
        set_stack_ref(0);
    }


Reordering of supported Java byte codes by type 



/* TYPE 3 */
#define s_POP2              0
#define s_IF_ICMPEQ         1
#define s_IF_ICMPNE         2
#define s_IF_ICMPLT         3
#define s_IF_ICMPGE         4
#define s_IF_ICMPGT         5
#define s_IF_ICMPLE         6
#define s_IF_ACMPEQ         7
#define s_IF_ACMPNE         8

/* TYPE 6 */
#define TYPE6_START         9
#define s_SASTORE           9
#define s_AASTORE           10
#define s_BASTORE           11
#define TYPE6_END           12

/* TYPE 1 */
#define s_IADD              13
#define s_ISUB              14
#define s_IMUL              15
#define s_IDIV              16
#define s_IREM              17
#define s_ISHL              18
#define s_ISHR              19
#define s_IUSHR             20
#define s_IAND              21
#define s_IOR               22
#define s_IXOR              23
#define TYPE1_END           23

/* TYPE 2 */
#define s_ISTORE            24
#define s_POP               25
#define s_IFEQ              26
#define s_IFNE              27
#define s_IFLT              28
#define s_IFGE              29
#define s_IFGT              30
#define s_IFLE              31
#define s_TABLESWITCH       32
#define s_LOOKUPSWITCH      33
#define s_IRETURN           34

/* TYPE 7 */
#define s_SALOAD            35
#define s_AALOAD            36
#define s_BALOAD            37

/* TYPE 9 */
#define s_INEG              39
#define s_INT2BYTE          40
#define s_INT2CHAR          41
#define TYPE9_END           41

/* TYPE 8 */
#define s_ASTORE            42
#define s_ARETURN           43
#define s_ATHROW            44
#define s_IFNULL            45
#define s_IFNONNULL         46
#define TYPE8_END           46

/* TYPE 12 */
#define s_ARRAYLENGTH       47
#define s_INSTANCEOF        48
#define TYPE12_END          48

/* TYPE 10 */
#define s_SIPUSH            49
#define TYPE10_END          49

/* TYPE 5 */
#define s_ILOAD             50
#define s_ALOAD             51

/* TYPE 11 */
#define TYPE11_START        52
#define s_ACONST_NULL       52
#define s_LDC2              53
#define s_JSR               54
#define s_NEW               55
#define TYPE11_END          55

/* TYPE 16 */
#define s_NEWARRAY          56
#define s_CHECKCAST         57
#define TYPE16_END          57

/* TYPE 13 */
#define s_DUP               58
#define s_DUP_X1            59
#define s_DUP_X2            60
#define s_DUP2              61
#define s_DUP2_X1           62
#define s_DUP2_X2           63
#define s_SWAP              64

/* TYPE 14 */
#define s_INVOKEVIRTUAL     65 /* 01000001 */
#define s_INVOKENONVIRTUAL  66 /* 01000010 */
#define s_INVOKESTATIC      67 /* 01000011 */
#define s_INVOKEINTERFACE   68 /* 01000100 */

/* TYPE 15 */
#define s_GETSTATIC         69
#define s_PUTSTATIC         70
#define s_GETFIELD          71
#define s_PUTFIELD          72

/* TYPE 4 */
#define s_NOP               73
#define s_IINC              74
#define s_GOTO              75
#define s_RET               76
#define s_RETURN            77
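
The range checks of this appendix, run over short opcode sequences against a tagged stack. This is an added illustration, not code from the patent: the tag-per-slot stack model, the 8-slot limit, the LAST_OPCODE guard and the names check_tag, set_tag and first_rejected are assumptions, while the TYPE*_START/TYPE*_END boundaries and opcode numbers are the ones listed above.

```c
#include <stddef.h>
#include <stdio.h>

/* Group boundaries and opcode numbers copied from the renumbering table above. */
enum { TYPE6_START = 9, TYPE6_END = 12, TYPE1_END = 23, TYPE9_END = 41,
       TYPE8_END = 46, TYPE12_END = 48, TYPE10_END = 49,
       TYPE11_START = 52, TYPE11_END = 55, TYPE16_END = 57, LAST_OPCODE = 77 };
enum { s_SASTORE = 9, s_IADD = 13, s_ISTORE = 24, s_ASTORE = 42,
       s_ARRAYLENGTH = 47, s_SIPUSH = 49, s_ACONST_NULL = 52 };

/* Assumed model of the operand stack: one type tag per slot. */
enum tag { TAG_INT, TAG_REF };
#define STACK_MAX 8
struct tstack { enum tag slot[STACK_MAX]; int depth; int fault; };

static void check_tag(struct tstack *s, int n, enum tag want) {
    if (s->depth <= n || s->slot[s->depth - 1 - n] != want) s->fault = 1;
}
static void push(struct tstack *s, int n) {
    if (s->depth + n > STACK_MAX) s->fault = 1; else s->depth += n;
}
static void pop(struct tstack *s, int n) {
    if (s->depth < n) s->fault = 1; else s->depth -= n;
}
static void set_tag(struct tstack *s, int n, enum tag t) {
    if (s->depth <= n) s->fault = 1; else s->slot[s->depth - 1 - n] = t;
}

/* Input-state check: the same comparison chain as the listing above. */
static void pre_check(struct tstack *s, int insn) {
    if (insn <= TYPE9_END) {
        if (insn <= TYPE1_END) check_tag(s, 1, TAG_INT);
        check_tag(s, 0, TAG_INT);
    } else if (insn <= TYPE12_END) {
        check_tag(s, 0, TAG_REF);
    } else if (insn <= TYPE11_END) {
        push(s, 1);
    }
}

/* Output-state update: the same comparison chain as the listing above. */
static void post_update(struct tstack *s, int insn) {
    if (insn <= TYPE8_END) {
        if (insn <= TYPE6_END) {
            if (insn >= TYPE6_START) pop(s, 1);
            pop(s, 1);
        }
        pop(s, 1);
    } else if (insn <= TYPE10_END) {
        set_tag(s, 0, TAG_INT);
    } else if (insn >= TYPE11_START && insn <= TYPE16_END) {
        set_tag(s, 0, TAG_REF);
    }
}

/* Returns the index of the first opcode rejected, or -1 if all pass. */
int first_rejected(const unsigned char *ops, size_t n) {
    struct tstack s = { {TAG_INT}, 0, 0 };
    for (size_t i = 0; i < n; i++) {
        if (ops[i] > LAST_OPCODE) return (int)i;  /* outside the table: added guard */
        pre_check(&s, ops[i]);
        if (!s.fault) post_update(&s, ops[i]);
        if (s.fault) return (int)i;
    }
    return -1;
}

int main(void) {
    /* Constructed samples: opcode bytes only, operands omitted. */
    const unsigned char ok[] = { s_SIPUSH, s_SIPUSH, s_IADD, s_ISTORE };
    const unsigned char confused[] = { s_ACONST_NULL, s_SIPUSH, s_IADD };
    printf("well-typed sequence: %d\n", first_rejected(ok, sizeof ok));
    printf("reference fed to IADD: %d\n", first_rejected(confused, sizeof confused));
    return 0;
}
```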






